Controlling who can use the iOS app
iOS mobile access is off by default for every admin. Two gates must both be set before anyone can register an iPhone.
Gate 1 — Tenant-wide role gate
Controls which roles are eligible for mobile at all. Set via the API (dashboard controls are not yet available — same as the device list below):
PUT /api/v1/admin/settings/mobile-access-by-role
{"mobileAccess": {"analyst": true, "admin": true, "executive": false}}
- Analyst — typically on
- Admin — typically on
- Executive — often off (they get summary email instead)
This is a tenant-wide policy and only super-admins can change it.
Gate 2 — Per-user opt-in
Even for an eligible role, each admin must individually be opted in:
PUT /api/v1/admin/admin-users/<admin-user-uuid>/mobile-access
{"enabled": true}
Why two gates?
The role gate defends against new hires automatically gaining phone access to production alerts. The per-user toggle lets you offboard someone's phone (leaving their laptop access intact) by flipping one switch; the next push attempt is blocked at the backend.
Auditing
Every toggle emits an audit log entry:
mobile.access.enabled/mobile.access.disabled— per-usermobile.tenant_access.updated— role gate
Query the Audit log page to review who was granted / revoked.
Remote sign-out
To revoke a stolen or lost device:
- Web dashboard → the admin user's detail page.
- Find the registered devices list (future UI) or use the API:
DELETE /api/v1/admin/mobile/devices/<device-uuid>
This marks the device as revoked and the push pipeline skips it on the next alert.
The stored Keychain tokens remain on the device, so also rotate the admin's password / SSO session via the main Admin users action menu to fully invalidate any cached access.